If a trusted ticket was issued to a user who had access to multiple sites, the trusted ticket could be redeemed for any site the user had access to, regardless of what site the ticket was requested for. Tickets are now restricted to only the requested site, or to the default site if no site was requested.